In reality, the only function that CAPTCHA on my blog serves is to reduce the number of spam comments

Mark, your site is about security, so you need reliable captcha. Previous and current one are not reliable enough, so you need more secure captcha.

which I have very much enjoyed following

I’m glad that you like it. I hope many people, especially security guys and web developers enjoyed my MoBiC project.

On a side note, I decided to change my own CAPTCHA.

It’s good, because previous captcha was very weak, but new one is unsecure too. As you alrady know from my artcile about Cryptographp captcha.

And after I checked today your new captcha (which is using Cryptographp plugin + additional checks) it is vulnerable. This captcha is vulnerable for session reusing with constant captcha
bypass method + bypassing additional protections. I have written you all details in email. So your captcha need to be improved.

The best way to improve on these is to prove me wrong.

Like I told you, current captcha is unreliable ;-). Man, no need to look for OCR (or cheap work force) when there are holes in captcha. Like I told in Month of Bugs in Captchas using vulnerabilities to bypass captchas is more effective way. So until there are holes in some captcha, it can be reliable.

MustLive, you got any good OCR scripts?

No, Mark, I have not such scripts. I’m only interesting in a posteriori vulnerabilities (holes in algorithms), not a priori vulnerabilities (holes in idea). So I’m as security auditor interesting only in holes in captchas (others two bypassing methods, OCR and cheap work force, is less interesting for me).